How to create Kafka Kerberos Java consumer

Suppose that you need to create Kafka Java consumer with Kerberos. The code will be:

public KafkaConsumer<String, String> createKafkaKerberosConsumer(String groupID) {
    Properties props = new Properties();
    props.put(ConsumerConfig.BOOTSTRAP_SERVERS_CONFIG, "localhost:3991");
    props.put(ConsumerConfig.GROUP_ID_CONFIG, groupID);
    props.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SASL_PLAINTEXT");
    props.put(SaslConfigs.SASL_KERBEROS_SERVICE_NAME, "HTTP");
    props.put(SaslConfigs.SASL_JAAS_CONFIG, kafkaJaasConfiguration());
    props.put(ConsumerConfig.KEY_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class.getName());
    props.put(ConsumerConfig.VALUE_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class.getName());
    return new KafkaConsumer<String, String>(props);

private String kafkaJaasConfiguration() {
    return " required " +
            "useKeyTab=true " +
            "keyTab=\"/path/to/keytab/name.keytab\" " +
            "storeKey=false " +
            "debug=false " +

You don’t need to specify Java property, because we set SaslConfigs.SASL_JAAS_CONFIG property directly to the consumer.

You just need to made changes in kafkaJaasConfiguration() method that necessary for your Kerberos configuration.

If you still have any questions, feel free to ask me in the comments under this article or write me at

If I saved your day, you can support me 🤝

Leave a Reply

Your email address will not be published. Required fields are marked *